ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhavik patel <bhavikpatel...@gmail.com>
Subject Re: Review Request 63657: The ranger policies json file should be formatted when exported at ranger service manager.
Date Wed, 08 Nov 2017 08:40:45 GMT


> On Nov. 8, 2017, 7:06 a.m., bhavik patel wrote:
> > could you please mention what testing you had done?
> 
> wang yuan wrote:
>     I do some functional testing ,such as:
>     
>     old :Gson gson = new Gson()
>     
>     {"metaDataInfo":{"Host name":"d29-183","Exported by":"admin","Export time":"Nov 8,
2017 2:10:10 AM","Ranger apache version":"1.0.0-SNAPSHOT"},"policies":[{"service":"hdfs_dev","name":"all
- path","policyType":0,"description":"Policy for all - path","isAuditEnabled":true,"resources":{"path":{"values":["/*"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["mr"],"groups":[],"conditions":[],"delegateAdmin":true}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"id":54,"isEnabled":true,"version":12},{"service":"hdfs_dev","name":"kms-audit-path","policyType":0,"description":"Policy
for kms-audit-path","isAuditEnabled":true,"resources":{"path":{"values":["/ranger/audit/kms"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write",
 "isAllowed":true},{"type":"execute","isAllowed":true}],"users":["keyadmin"],"groups":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"id":55,"isEnabled":true,"version":1},{"service":"hdfs_dev","name":"111","policyType":0,"description":"","isAuditEnabled":true,"resources":{"path":{"values":["/aaa"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["wyread2"],"groups":[],"conditions":[],"delegateAdmin":true}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["wy"],"groups":[],"conditions":[],"delegateAdmin":false}],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"id":65,"isEnabled":true,"version":8}],"startIndex":
 0,"pageSize":0,"totalCount":0,"resultSize":0,"queryTimeMS":1510107010382}
>     
>     new format json:  Gson gson = new GsonBuilder().setPrettyPrinting().create(); 
>     
>     {
>       "metaDataInfo": {
>         "Host name": "d29-183",
>         "Exported by": "admin",
>         "Export time": "Nov 8, 2017 2:34:30 AM",
>         "Ranger apache version": "1.0.0-SNAPSHOT"
>       },
>       "policies": [
>         {
>           "service": "hbase_dev",
>           "name": "all - table, column-family, column",
>           "policyType": 0,
>           "description": "Policy for all - table, column-family, column",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wy"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             },
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wyread"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             },
>             {
>               "accesses": [
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wywrite"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             },
>             {
>               "accesses": [
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wycreate"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             },
>             {
>               "accesses": [
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wyadmin"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             },
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "mr"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": true
>             }
>           ],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 1,
>           "isEnabled": true,
>           "version": 15
>         },
>         {
>           "service": "hbase_dev",
>           "name": "wy123",
>           "policyType": 0,
>           "description": "",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "ns1:*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "ccc"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": false
>             }
>           ],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 57,
>           "isEnabled": true,
>           "version": 3
>         },
>         {
>           "service": "hbase_dev",
>           "name": "wyread2",
>           "policyType": 0,
>           "description": "",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "pag"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wyread2"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": false
>             }
>           ],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 61,
>           "isEnabled": true,
>           "version": 4
>         },
>         {
>           "service": "hbase_dev2",
>           "name": "all - table, column-family, column",
>           "policyType": 0,
>           "description": "Policy for all - table, column-family, column",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "*"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "mr"
>               ],
>               "groups": [
>                 "public",
>                 "wy"
>               ],
>               "conditions": [],
>               "delegateAdmin": true
>             }
>           ],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [
>             {
>               "accesses": [
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wy"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": false
>             }
>           ],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 62,
>           "isEnabled": true,
>           "version": 4
>         },
>         {
>           "service": "hbase_dev",
>           "name": "adsf",
>           "policyType": 0,
>           "description": "",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "sdaf"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "dsaf"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "sdaf"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 68,
>           "isEnabled": true,
>           "version": 1
>         },
>         {
>           "service": "hbase_dev",
>           "name": "sdaf",
>           "policyType": 0,
>           "description": "",
>           "isAuditEnabled": true,
>           "resources": {
>             "column": {
>               "values": [
>                 "asdf"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "column-family": {
>               "values": [
>                 "asdf"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             },
>             "table": {
>               "values": [
>                 "sdfa"
>               ],
>               "isExcludes": false,
>               "isRecursive": false
>             }
>           },
>           "policyItems": [
>             {
>               "accesses": [
>                 {
>                   "type": "read",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "write",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "create",
>                   "isAllowed": true
>                 },
>                 {
>                   "type": "admin",
>                   "isAllowed": true
>                 }
>               ],
>               "users": [
>                 "wy"
>               ],
>               "groups": [],
>               "conditions": [],
>               "delegateAdmin": false
>             }
>           ],
>           "denyPolicyItems": [],
>           "allowExceptions": [],
>           "denyExceptions": [],
>           "dataMaskPolicyItems": [],
>           "rowFilterPolicyItems": [],
>           "id": 69,
>           "isEnabled": true,
>           "version": 4
>         }
>       ],
>       "startIndex": 0,
>       "pageSize": 0,
>       "totalCount": 0,
>       "resultSize": 0,
>       "queryTimeMS": 1510108470793
>     }

Can you please confirm that import functionality is working.


- bhavik


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63657/#review190430
-----------------------------------------------------------


On Nov. 8, 2017, 6:31 a.m., wang yuan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63657/
> -----------------------------------------------------------
> 
> (Updated Nov. 8, 2017, 6:31 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh,
Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, Velmurugan
Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1877
>     https://issues.apache.org/jira/browse/RANGER-1877
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The ranger policies json file should be formatted when exported  at ranger service manager.

> I found  it's difficult to edit the unformatted json file.
> 
> {code:title=ServiceDBStore.java|borderStyle=solid}
> private void writeJson(List<RangerPolicy> policies, String jsonFileName,
> 			HttpServletResponse response) throws JSONException, IOException {
> 		... ...
> 		//Gson gson = new Gson();      //shoud be replaced:
>                 Gson gson = new GsonBuilder().setPrettyPrinting().create();
> 		
>                 String json = gson.toJson(rangerExportPolicyList, RangerExportPolicyList.class);
>                 ... ...
> {code}
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 195510dc 
> 
> 
> Diff: https://reviews.apache.org/r/63657/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> wang yuan
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message